>> After reading "nginx does not suck at ssl":
>>>> http://matt.io/entry/ur
>>>> I'm using:
>>>> ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH;
>> Some of us use the following to mitigate BEAST attacks:
> ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!aNULL:!MD5:!EDH;
Thanks Mark, this is supposed to mitigate BEAST as well and it's only
slightly different than the default:
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
Here is mex's link again:
https://www.ssllabs.com/ssltest/
I use the following for better performance:
ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
Reference:
http://www.hybridforge.com/blog/nginx-ssl-ciphers-and-pci-compliance
- Grant
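
To see what the cipher strings in this thread actually select, they can be expanded against the local OpenSSL build. The following is an added example, not part of the original message; the function names are hypothetical, and the result depends on the OpenSSL version Python is linked against (RC4 suites are often compiled out of current builds, so the "rc4" list may be empty).

```python
import ssl

# Cipher strings quoted in the message above.
BASE = "RC4:HIGH:!aNULL:!MD5"
NO_KEDH = "RC4:HIGH:!aNULL:!MD5:!kEDH"


def expand(cipher_string):
    """Return cipher names selected by the local OpenSSL, in preference order.

    This is the order the server enforces with ssl_prefer_server_ciphers on.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]


def is_dhe(name):
    # Finite-field ephemeral DH suites are named DHE-* (EDH-* in old builds).
    # DHE-PSK-* uses a separate key-exchange class that kEDH does not cover.
    return name.startswith(("DHE-", "EDH-")) and not name.startswith("DHE-PSK-")


def removed_by(base, stricter):
    """Ciphers selected by `base` that `stricter` no longer selects."""
    kept = set(expand(stricter))
    return [n for n in expand(base) if n not in kept]


def report(cipher_string):
    """Summarise a cipher string: size, RC4 and DHE members, first choice."""
    names = expand(cipher_string)
    return {
        "count": len(names),
        "rc4": [n for n in names if "RC4" in n],
        "dhe": [n for n in names if is_dhe(n)],
        "first": names[0],
    }


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for s in (BASE, NO_KEDH):
        print(s, report(s))
    print("dropped by !kEDH:", removed_by(BASE, NO_KEDH))
```

TLS 1.3 suites appear in both lists because they are configured separately from the cipher string.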